
Systesign
590 subscribers
About Systesign
The first step to knowing the best approach is knowing all the options. Discover impressive articles on software, distributed system design, databases, compilers, caches, and queues from various sources across the industry. Keep up to date with various subjects from the cutting edge of the industry.
Posts

https://itnext.io/kubernetes-1-33-resizing-pods-without-the-drama-finally-88e4791be8d1 Normally, vertically scaling pod resources is a game of pod-Russian-Roulette, but with the introduction of this, you can dynamically react to changing workloads. This article explains the how-to along with the fine print on where this has limited or no support.

Chrome's extension APIs (at least in recent years) are known for their security, and it is rare to see any major vulnerability. Derin Eryılmaz writes about finding a vulnerability in ChromeOS, the operating system built on top of Chrome. He found a way to escape the Chrome API sandbox through the filesystem APIs to inadvertently get XSS. https://0x44.xyz/blog/cve-2023-4369/

https://clickhouse.com/blog/building-a-distributed-cache-for-s3 It's layers all the way down, I tell you... I liked this article as it shows the slow evolution into distributed caching that ClickHouse Cloud had to make. It highlights the improvements made in order to be able to access hot data, juxtaposing the latency, throughput and IOPS for object storage, SSDs and RAM. If the cache disk fills up, the filesystem cache evicts the least recently used data to make room. And because column files in ClickHouse table parts are immutable, there's generally no need for explicit cache invalidation.

What a great article showcasing that even a multi-billion dollar organization can make mistakes. The author explored the Google Account recovery page and discovered that a no-JavaScript page still existed and could be used to brute-force the phone number associated with an account. First the author would share a document to the target email address, which would reveal the account details (first and last name), then the author would attempt an account recovery via phone number. Google would leak the region of the phone number since it masks the phone number in the same format produced by libphonenumber. The attacker would then have a script run against the account recovery API with generated country-specific phone numbers. https://brutecat.com/articles/leaking-google-phones

https://www.chriis.dev/opinion/parsing-pdfs-in-elixir-using-rust Calling core Rust code that plays nicely with the Elixir BEAM needs NIFs (Native Implemented Functions). NIFs are the BEAM's method to directly call native functions such as those written in Rust, giving you the performance benefit of Rust without sacrificing the ease of use of Elixir, using the rustler crate: https://crates.io/crates/rustler Fly.io's blog also explores packaging Rust object files within Elixir projects for production Docker images: https://fly.io/phoenix-files/elixir-and-rust-is-a-good-mix/

https://engineering.fb.com/2025/01/21/production-engineering/strobelight-a-profiling-service-built-on-open-source-technology/ Read about how Meta built Strobelight, which combines a ton of open source tools into one profiling utopia, providing engineers with much needed information such as heap dumps from services using jemalloc, flame graphs, trace visualisations, etc. This helps provide much needed performance wins across their entire compute fleet, including a particular case that led to saving an estimated 15,000 servers in capacity per year.

https://www.usenix.org/system/files/usenixsecurity23-he.pdf eBPF is such an amazing technology with vast applications within networking, security, tracing, etc. This 2-year-old paper on cross-container attacks in the cloud using eBPF broaches the seldom explored aspect of eBPF itself posing huge security risks despite its verifier... with practical exploits at the time such as executing ssh in Google Colab (despite the block) and compromising the entire Alibaba cluster... while proposing a new eBPF permission model to mitigate against its offensive functions.

https://kobzol.github.io/rust/2025/02/23/tokio-plus-prctl-equals-nasty-bug.html The author of hyperqueue (a distributed task scheduler written in Rust, https://github.com/It4innovations/hyperqueue) writes about a very interesting heisenbug that only occurs when using the PR_SET_PDEATHSIG flag with the prctl syscall (https://man7.org/linux/man-pages/man2/pr_set_pdeathsig.2const.html) on Linux systems with the tokio async runtime.

https://paulbutler.org/2025/smuggling-arbitrary-data-through-an-emoji/ I got nerd-sniped reading this cutesy article about sneaking data through emojis. On its own it makes for good reading into some of the quirks of the Unicode spec and potential ways to abuse it (which we won't... right?)